
I'm getting a very weird result! I'm posting an id from a Java class, where the id will be used in a PHP script to retrieve specific data. The value should be 1, but it always displays 2.

<?php
if($_SERVER['REQUEST_METHOD']=='POST'){
    //Getting values 
    $id = $_POST['id'];

    //Creating sql query
    $sql = "SELECT xuenian FROM student WHERE sid='$id'";

    //importing dbConnect.php script 
    require_once('db_config.php');

    //executing query
    $result = mysqli_query($con,$sql);

    $value = mysqli_fetch_object($result);
    $value->xuenian;

    if($value === "1"){
        echo "1";
    }else{
         echo "2";
    }
    mysqli_close($con);
}

I have tried ==, but the result is still the same.

Java class

 public void loadResults(final String id, final int xuenian) {

        StringRequest stringRequest = new StringRequest(Request.Method.POST, AppConfig.URL_CHECKID,
                new Response.Listener<String>() {
                    @Override
                    public void onResponse(String response) {
                        Toast.makeText(getApplication(),response+"from php",Toast.LENGTH_LONG).show();
                    }
                },
                new Response.ErrorListener() {
                    @Override
                    public void onErrorResponse(VolleyError error) {
                        Toast.makeText(getApplication(), error + "", Toast.LENGTH_LONG).show();
                    }
                }) {
            @Override
            protected Map<String, String> getParams() throws AuthFailureError {
                Map<String, String> params = new HashMap<>();
                //Adding parameters to request
                params.put(AppConfig.KEY_USERID, id);
                //returning parameter
                return params;
            }
        };

        //Adding the string request to the queue
        RequestQueue requestQueue = Volley.newRequestQueue(this);
        requestQueue.add(stringRequest);
    }
Tony
  • Please read about [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection). Instead of building queries with string concatenation, use [**prepared statements**](https://secure.php.net/manual/en/pdo.prepare.php) with [**bound parameters**](https://secure.php.net/manual/en/pdostatement.bindparam.php). See [**this page**](https://phptherightway.com/#databases) and [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) for some good examples. – Alex Howansky Jan 15 '19 at 15:55
  • *"I posting an id from java class"* - ??? – Funk Forty Niner Jan 15 '19 at 15:55
  • @FunkFortyNiner Yes, by post method. – Tony Jan 15 '19 at 15:56
  • See Alex's answer. – Funk Forty Niner Jan 15 '19 at 15:59
  • @FunkFortyNiner noted. – Tony Jan 15 '19 at 16:03

1 Answer


You're setting $value to an object here:

$value = mysqli_fetch_object($result);

Then this line does nothing:

$value->xuenian;

On the next line, $value is still an object, but you're comparing it to a string, which will always be false:

if($value === "1")
{
    echo "1";
}else{
    echo "2";
}

You probably want this:

if($value->xuenian === "1")
Alex Howansky
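
The property comparison from the answer combined with the prepared statement and bound parameter recommended in the comments, as an added example that is not code from the question or the answer. It uses PDO with a constructed in-memory SQLite table in place of the page's MySQL connection so it runs stand-alone; the function names, sample rows and column types are assumptions.

```php
<?php
// Added example: a constructed in-memory SQLite table stands in for the
// page's MySQL `student` table (the column types are an assumption).
function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE student (sid TEXT PRIMARY KEY, xuenian INTEGER)');
    $pdo->exec("INSERT INTO student VALUES ('s001', 1), ('s002', 3)");
    return $pdo;
}

// Returns "1" when the student's xuenian is 1, otherwise "2"
// (the same output contract as the script in the question).
function checkXuenian(PDO $pdo, string $id): string
{
    // The id travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare('SELECT xuenian FROM student WHERE sid = :sid');
    $stmt->bindValue(':sid', $id, PDO::PARAM_STR);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_OBJ);
    if ($row === false) {
        return '2'; // unknown sid: no row, so there is no property to read
    }

    // Compare the column, not the row object. Drivers differ on whether an
    // integer column arrives as int 1 or string "1", so normalise before
    // using a strict comparison.
    return (string) $row->xuenian === '1' ? '1' : '2';
}

$pdo = openDemoDb();
// Constructed ids: a match, a non-match, a missing sid, and an id that
// contains a quote character (handled as plain data by the bound parameter).
foreach (['s001', 's002', 'missing', "s'001"] as $id) {
    printf("%-8s => %s\n", $id, checkXuenian($pdo, $id));
}
```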